Vint Cerf: CS Changes Needed To Address IoT Security, Privacy

The Internet of Things has tremendous potential but also poses a tremendous risk if the underlying security of Internet of Things devices is not taken into account, according to Vint Cerf, Google’s Internet Evangelist.

Vint Cerf, Google Inc.
Cerf said that the advent of the Internet of Things poses a real challenge to the field of computer science. Namely: how to secure IoT devices. (Photo courtesy of Google.)

Cerf, speaking in a public Google Hangout on Wednesday, said that he’s tremendously excited about the possibilities of an Internet of billions of connected objects, but said that securing the data stored on those devices and exchanged between them represents a challenge to the field of computer science – and one that the nation’s universities need to start addressing.

“I’m very excited,” Cerf said, in response to a question from host Leo Laporte. He cited the Philips HUE lightbulb as an example of a cool IoT application.


Get the New 2017 SANS Research Report on 'Threat Hunting' -- Written by experts from the SANS Institute, the survey reveals a number of interesting data points about the challenges and benefits of threat hunting.


“So you’re going to be able to manage quite a wide range of appliances at home , at work and in your car. Eventually, that will include things you’re wearing or that are embedded in your body,” Cerf said.

The benefits – from convenience to better monitoring of health conditions – are tangible enough. But the increased opportunities for interoperability also increase the risk that “software may be penetrated and compromised in some way.”

“You could have a situation where Bank of America succumbs to a DDoS attack from 100 million connected refrigerators in the U.S.,” Cerf said – an apparent reference to a recent report by ProoPoint that claimed to have uncovered evidence that so-called “smart refrigerators” had been compromised and modified to relay spam e-mail messages.

Cerf’s point: that the “processing power available for making those things accessible” is enough to make them plausible soliders in a malicious bot army, once they have been successfully attacked. 

Cerf said that Internet of Things products need to do a better job managing access control and use strong authentication to secure communications between devices.

Cerf is often referred to as “the father of the Internet” in recognition of his work on ARPANet, the world’s first packet switched network and a predecessor to the modern Internet. As an assistant professor at Stanford University in the early to mid 1970s, he co-wrote the DoD TCP/IP protocol suite with Robert Kahn.

At Google, Cerf is a kind of ambassador from Google on behalf of issues related to Internet freedom and access. This isn’t the first time he has weighed in on the impact of the Internet of Things. Speaking at a forum hosted by the Federal Trade Commission in November, Cerf wondered aloud if our notion of privacy, itself, may be a victim of the increasing connectivity and the presence of small, powerful sensors.

“I don’t feel like privacy is dead,” Cerf told the audience of Washington D.C. policy makers at the workshop. “I do feel like privacy will be increasingly difficult for us to achieve.

Speaking on Wednesday, Cerf said that the computer science community has a “real challenge to meet” in securing IoT devices, and that – early Wednesday – he met with members of the Computing Research Association, a group representing  more than 200 North American academic departments of computer science, computer engineering, to talk about the problem and how computer science curricula might need to change to address the new challenges.